Author

Topic: Is this site affected 1 of the 6 or so new openssl vulnerabilities ? (Read 505 times)

hero member
Activity: 543
Merit: 500
Here's another thread on the new vulnerabibilities: https://bitcointalksearch.org/topic/new-openssl-vulnerability-640430

I believe that thread in "Development & Technical Discussion" focuses on the affects on the wallet client, while this one in "Meta" focuses on the forum itself. Smiley
hero member
Activity: 508
Merit: 500
legendary
Activity: 910
Merit: 1000
★YoBit.Net★ 350+ Coins Exchange & Dice
good man theymos.

I must apologise for an hositility I have shown towards you in the past; however I will still keep you on your toes, espeaclly when security and what not is at stake Smiley



The forum's OpenSSL was updated yesterday.

Those only affect systems that are affected by heartbleed. So if openssl has been upgraded from the
affected version there is no issues.

No, it's unrelated to heartbleed
administrator
Activity: 5222
Merit: 13032
The forum's OpenSSL was updated yesterday.

Those only affect systems that are affected by heartbleed. So if openssl has been upgraded from the
affected version there is no issues.

No, it's unrelated to heartbleed
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Those only affect systems that are affected by heartbleed. So if openssl has been upgraded from the
affected version there is no issues.

Oh, good to know. Then there's a bit of FUD in many articles about this news.

Its FUD that this only affects systems that are affected by the heartbleed bug. One of the new bugs is in code that the same person wrote who did the misstakes in heartbleed, maybe thats where this missunderstanding comes from.
From what I read noone uses DTLS anyway. Anonymous ECDH is not used by the forum and barely any homepage for that matter because most use certificates anyway. The only thing that could affect us would be the possible MITM for Bitcoin, but than not really doing any damage AFAIK. You can MITM with Bitcoin anyway, but not get the juicy stuff (private keys).
hero member
Activity: 618
Merit: 500
a clockwork miner
Those only affect systems that are affected by heartbleed. So if openssl has been upgraded from the
affected version there is no issues.

Oh, good to know. Then there's a bit of FUD in many articles about this news.
hero member
Activity: 770
Merit: 500
Those only affect systems that are affected by heartbleed. So if openssl has been upgraded from the
affected version there is no issues.
hero member
Activity: 618
Merit: 500
a clockwork miner
hero member
Activity: 508
Merit: 500
As far as I know, and as theymos announced, bitcointalk is not heartbleed vulnerable anymore. Have new vulnerabilies surfaced?
I used a couple of SSL checkers just now and everything seemed fine.
legendary
Activity: 910
Merit: 1000
★YoBit.Net★ 350+ Coins Exchange & Dice
have not had a chance to fully vertify the new vulnerabilities.
hopefully theymos had ?

any chance you have been able to see if the site is vulnerable ?? from a quick glance one of them were quite serious...

Jump to: